Organizations generally utilize multiple password protected user accounts for providing secure access to computing resources within the organization. These resources may include, for example, software products, applications (e.g., cloud-based applications, enterprise applications, or any other applications), cloud services, various types of data (e.g., networked files, directory information, databases, or the like) and other resources. In order to effectively keep track of resource access by users within an organization, an organization may often use a generic password protected user account with a single password that may be shared among a set of users of the organization. However, sharing passwords may pose several challenges.
Multi-factor authentication has been traditionally used as an authentication mechanism to protect access to user accounts on computing systems. In addition to a username and password to gain access to various resources of the organization, during multi-factor authentication, users may present additional evidence of their identity via one or more other factors. These additional factors may include for example, an authentication token from a token generating device, a scan of a fingerprint, or a one-time code sent to the user's email account or via SMS. However, adding an additional factor to a password-based authentication is inconvenient for users as they need extra devices (token generator, biometric scanner, email account, mobile phone and the like) and time to receive and enter the code. While various techniques have been employed to effectively share such codes or tokens with only intended parties, the employed techniques are of varied success.